Suggest A Fix PC Support Forums > 'Disappear' you're email!

Suggest A Fix PC Support Forums > Security > Security Tools and Articles > Tools and Utilities - read only

73-997563179

Aug 23 2001, 01:59 PM

Most computer users with some experience treat e-mail messages with the informality of an untaped phone call. As Bill Gates and a host of lesser-known e-mail users have discovered, this can be a big mistake.

Obviously, you can delete e-mail, but deleted computer files have a nasty way of resurfacing. What you may need is disappearing e-mail from the San Francisco firm that calls itself Disappearing.

Disappearing e-mail has two parts: a 300KB add-on to Microsoft's Outlook 98 or 2000 on each user's desktop, and a Disappearing key server that is accessible via the Web. (A version for Lotus Notes is due this quarter, but Notes users can read disappearing e-mail messages that they receive.) Once the software is installed on Outlook, the user will see a new tab on Outlook's Options menu and a "Send Disappearing E-Mail" button when drafting a new message.

When the message is ready to go, click the Send Disappearing E-Mail button instead of the usual Send button, and the message is sent like any Outlook message.

Vanishing Views
When a recipient gets the message, it looks just like regular e-mail except for a notation that the message will disappear after a given period. If anyone attempts to read or reread the message after the expiration date and time, the message says it has expired. If a forensics expert tries to resurrect the message from a backup tape or fragments of a hard disk, he or she may find that a message was sent from one person to another, but won't be able to read it.

If the recipient doesn't use Outlook, the message arrives as a hyperlink attachment with a note about expiration. Click on the hyperlink before the expiration time, and the message opens in your browser; after that, you'll see a message that says your e-mail message has expired.

Disappearing e-mail can be installed for a minimum of $10,000 per year for 100 users.

A Web-based policy module gives your system administrator several options, including the ability to determine who is required to use the system--all users or just specific people--and set a maximum period for which a message will be available.

This module also lets users freeze the keys for all messages or a selected group of messages. This defeats the disappearing e-mail mechanism. However, it is useful if your company is hit with a subpoena, or litigation becomes a possibility, and your lawyers decide that e-mail is evidence and must not be destroyed.

The desktop version of Disappearing e-mail, which doesn't offer policy options, is available for free download at http://www.disappearing.com.

Encrypt your e-mail by traditional means, and a court might order you to provide your opponent with a key that lets him or her read those messages. But no key exists for disappearing e-mail once it has disappeared. Neither sender nor recipient ever knows what the key is, and neither has any control over it. And not even the service vendor can provide or reconstruct a key.

There are a few potential security holes: Recipients can print e-mail messages before they expire or copy and paste the text of unexpired messages into nonexpiring files. Attachments are never encrypted and never disappear. A version that permits encryption of attachments and prohibits printing and copying and pasting is due in the next few months; it may include an "Oops" button that lets senders make messages disappear before they're read.

A routine e-mail destruction policy makes sense for many organizations. Disappearing e-mail enables you to implement such a policy effectively and to know that when it's gone, it's really gone.

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.